Annotation of wikisrc/security/meltdown_spectre.mdwn, revision 1.23
1.6 maxv 1: [[!meta title="Meltdown and Spectre Status Page"]]
1.1 maxv 2:
3: Status of the Fixes
4: -------------------
5:
1.18 maxv 6: NetBSD-6 and all earlier releases have no planned fixes.
7:
1.7 maxv 8: ## Spectre Variant 1
9:
1.1 maxv 10: [[!table data="""
1.18 maxv 11: Port |Vendor/Model |Spectre (V1) |NetBSD-7 |NetBSD-8 |NetBSD-current
12: amd64 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
13: amd64 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
14: amd64 |VIA |Unknown | | |
15: i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
16: i386 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
17: i386 |VIA |Unknown | | |
18: mips |MIPS P5600 |Vulnerable |Not fixed |Not fixed |Not fixed
19: mips |MIPS P6600 |Vulnerable |Not fixed |Not fixed |Not fixed
20: mips |Other Models |Not vulnerable | | |
21: ia64 |Intel |Not vulnerable | | |
22: riscv |(Spec.) |Not vulnerable | | |
1.1 maxv 23: """]]
24:
1.7 maxv 25: ## Spectre Variant 2
26:
1.1 maxv 27: [[!table data="""
1.18 maxv 28: Port |Vendor/Model |Spectre (V2) |NetBSD-7 |NetBSD-8 |NetBSD-current
1.23 ! maxv 29: amd64 |Intel |Vulnerable |Not fixed |Not fixed |Fixed [MitigB] [MitigD]
! 30: amd64 |AMD |Vulnerable |Not fixed |Not fixed |Fixed [MitigC] [MitigD]
1.18 maxv 31: amd64 |VIA |Unknown | | |
1.23 ! maxv 32: i386 |Intel |Vulnerable |Not fixed |Not fixed |Fixed [MitigD]
1.21 maxv 33: i386 |AMD |Vulnerable |Not fixed |Not fixed |Fixed [MitigC]
1.18 maxv 34: i386 |VIA |Unknown | | |
35: mips |MIPS P5600 |Vulnerable |Not fixed |Not fixed |Not fixed
36: mips |MIPS P6600 |Vulnerable |Not fixed |Not fixed |Not fixed
37: mips |Other Models |Not vulnerable | | |
38: ia64 |Intel |Not vulnerable | | |
39: riscv |(Spec.) |Not vulnerable | | |
1.1 maxv 40: """]]
41:
1.7 maxv 42: ## Meltdown
43:
1.1 maxv 44: [[!table data="""
1.18 maxv 45: Port |Vendor/Model |Meltdown (V3) |NetBSD-7 |NetBSD-8 |NetBSD-current
1.20 maxv 46: amd64 |Intel |Vulnerable |Not fixed |Fixed [MitigA] |Fixed [MitigA]
1.18 maxv 47: amd64 |AMD |Not vulnerable | | |
48: amd64 |VIA |Unknown | | |
49: i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
50: i386 |AMD |Not vulnerable | | |
51: i386 |VIA |Unknown | | |
52: mips |MIPS P5600 |Not vulnerable | | |
53: mips |MIPS P6600 |Not vulnerable | | |
54: mips |Other Models |Not vulnerable | | |
55: ia64 |Intel |Not vulnerable | | |
56: riscv |(Spec.) |Not vulnerable | | |
1.1 maxv 57: """]]
58:
1.16 maxv 59: ## Mitigations
60:
61: ### Mitigation A: SVS
62:
63: Meltdown is mitigated with the SVS feature. It can be dynamically disabled
64: by changing the "machdep.svs.enabled" sysctl.
65:
1.19 maxv 66: ### Mitigation B: Intel IBRS
67:
68: SpectreV2 can be mitigated with the IBRS method (Intel only for now). If
69: the CPU supports this method, it is used automatically. It can be
70: dynamically disabled by changing the "machdep.spectre_v2.mitigated"
71: sysctl.
72:
73: ### Mitigation C: AMD DIS_IND
74:
75: SpectreV2 can be mitigated with the DIS_IND method, available only on a
76: few AMD families. If the CPU supports this method, it is used
77: automatically. It can be dynamically disabled by changing the
78: "machdep.spectre_v2.mitigated" sysctl.
79:
1.23 ! maxv 80: ### Mitigation D: Retpoline
! 81:
! 82: SpectreV2 is mitigated in the kernel with the GCC "retpoline" compilation
! 83: flag, which is enabled by default in GENERIC.
! 84:
1.10 maxv 85: ## External Resources
86:
1.11 maxv 87: * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
1.12 maxv 88: * [ARM Security Update](https://developer.arm.com/support/security-update)
1.15 maxv 89: * [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)
1.10 maxv 90:
1.13 maxv 91: ## Notes
92:
93: * VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
94: